Skills
skills/openclaudia/openclaudia-skills/brand-research/Gen Agent Trust Hub

brand-research

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the brand.dev API and to download logo assets into the local file system.
  • [EXTERNAL_DOWNLOADS]: Fetches data and image files from the external brand.dev domain. This is the primary function of the skill and uses standard HTTPS requests.
  • [PROMPT_INJECTION]: There is a potential for indirect prompt injection because the skill processes untrusted data (brand names and descriptions) from an external API.
  • Ingestion points: Data enters the agent context from the api.brand.dev response as described in SKILL.md.
  • Boundary markers: No specific delimiters are defined for the fetched brand description.
  • Capability inventory: The skill has file system write access (mkdir, curl -o) and network access (curl).
  • Sanitization: The skill includes instructions to sanitize the domain input and format the brand slug (lowercase, hyphens instead of spaces) before using them in commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 08:21 PM